Information SecurityOffice & Home

IT ForumOctober 29, 2009

Presenters:Diane Jachimowicz – Senior Technology Services AnalystAnthony Maszeroski – Information Security ManagerDanielle Morse – Associate Director, Desktop Services

House Keeping

• Sign In Sheet• Prizes• Speakers• Top 10 Office Security Tips• Agenda

Agenda• Personally Identifiable Information (PII)• Safer Web Browsing• Office Security• Student Use of Office PC’s• Passwords• Royal Drive• Encryption of Files• USB Encryption• McAfee AntiVirus• Home Tools• Q & A• Announcements/Prizes Awarded

Sensitive Information

• Any information which, if disclosed in an unauthorized manner, would cause damage or embarrassment to individuals or the University, or any information classified as internal/confidential or restricted.

Sensitive Information

• Loss Criteria– Loss in reputation and public (donor) confidence– Loss of competitive advantages– Increase in operational expenses– Violations of contract agreements– Violations of legal and regulatory requirements– Delayed income costs– Loss in revenue– Loss in productivity

Sensitive Information - Student

• Academic Records• Credit / Debit Card Number• Credit / Payment History• Criminal Records• Disciplinary Action• Driver’s License Number / License Plate• Employee Data / Resume (Career Services)• Financial Aid Status• Income or Spending Habits• Insurance Information (e.g., policy #)

Sensitive Information - Student

• Public Safety Incident Data• Parent Biographical Data• Scholarship Information• Social Security Number (SSN)• Student Activities• Student Banking Information• Student Biographical Data• Student Counseling Records• Student Health Records

Sensitive Information – Employee

• Academic Records• Benefits Coverage• Credit / Debit Card Number• Credit / Payment History• Criminal Records• Disciplinary Action• Driver’s License Number / License Plate• Employee Banking Information

Sensitive Information – Employee

• Employee Biographical Data (e.g., spouse/children)

• Income or Spending Habits• Payroll• Performance Reviews• Scholarship Information• Social Security Number (SSN)• Tax Information

Sensitive Information - Donor

• Academic Information• Credit / Debit Card Number• Credit / Payment History• Donor Banking Information• Donor Biographical Data• Driver’s License Number / License Plate• Event / Ticketing / Travel

Sensitive Information - Donor

• Gift Data• Giving Society Memberships• Income or Spending Habits• Insurance Information• Prospect Data• Real Estate / Securities• Social Security Number (SSN)

Sensitive Information – Financial

• Accounts Payable Records• Contract Data• Copies / Images of Cleared Checks• Copies / Images of Deposited Checks• Credit Card Data• Expense Reports• Financial Reports

Sensitive Information - Financial

• Procurement Data• Tax Data• University Banking Data• University Budgets• University Investment Data• Wire / ACH Instructions

Safer Web Browsing Using Firefox

• Intranet (*.scranton.edu)– Internet Explorer 7

• Internet (anything other than *.scranton.edu)– Firefox 3.5.x– Plugin Checkerhttp://www.mozilla.com/en-US/plugincheck/

Office Security

• Keep your office locked even if you just step out for a minute

• Don’t leave valuables in plain view• Consider taking your laptop home with you • Report suspicious activity immediately• If the building is locked, don’t let someone you don’t

know into the building• Don’t become so absorbed in what you are doing that you

don’t notice the activity around you• Confidential documents should be put away and not left

visible and unattended on work desks

Office Computer Security

• Computer screens should be angled so visitors can’t see sensitive information

• Shutdown every night• Unplug over holidays• Use Laptop Locks• Backup Storage

Logoff when you leave

To Lock Down Windows XP Click Ctrl+Alt+Delete Select "Lock Workstation" This will bring up your login screen and lock your computer down

Windows XP shortcut: Click the Windows key (the flying window key at the bottom of the key board) and the L key. This will bring up your login screen and lock your computer down.

To Lock Down Windows Vista at homeGo to the Start menuAt the bottom right you'll see an icon of a padlockClick it to lock the computer

Student Use of Office Computers

• Designated Student Computers• Secure storage space• Check Student PC Periodically• Confidentially Agreements

Why You Need a Secure Password

• Authenticate or prove your identity• Malicious e-mail sent in your name• Your password can be used to commit fraud,

post child pornography, send spam, make threats, break into other systems, and much more.

Protect Your Password

• Select a unique password• Avoid any password with personal information:• Birth date, name, home town, or mother's maiden

name • Children’s name, pet's name, or your best friend • Driver's License, phone, address, license plate,

social security number, or PIN numbers• Don’t write down your password• Don’t tell anyone your password

Common Password Mistakes

changemepasswordstartcomputerinternetihavenopassmypasswordopenupscrantonLetmein123456

Creating a Secure Password

• Use 9 or more characters• DO NOT use plain dictionary words• Include at least 3 of the following criteria:– lowercase letters– UPPERCASE letters– Numbers– Punctuation

• 4S&7yaofb4th

Passwords are like Underwear…

• Change Yours Often!• Don't Share Them with Friends!• Be Mysterious!• The Longer the Better!• Don’t Leave Yours Lying Around!

Consider these findings...

• More than 40% of all individually-chosen passwords are readily guessed by someone who knows you

• 3,000 out of 13,000 passwords cracked• Gaining access to one password often

provides access to other systems and accounts

How Passwords are Cracked

• Dictionary programs• Changing the default password• Guessable passwords• Commonly-chosen passwords• Short passwords

Tips for strong passwords...

• DON'T use your login name in any form• DON'T use a password made up of all digits,

or of all the same letter• DON'T use words in the dictionary• DON'T use consecutive or adjacent keys• DON'T use "remember my password

features"

Tips for strong passwords...

• DO include a mix of upper and lower case, numbers, and punctuation such as HY?j4iP or 3rt!dlP

• DO use a password that you can type quickly without having to look at the keyboard

• DO change your password regularly

Royal Drive

• What is it?• Who should use it? • How do you get to it?• Why should you use it?• Royal Drive is used in over 120 colleges and

universities throughout the country including Georgetown, Boston College, Harvard, Princeton and Yale.

Royal Drive Benefits

• Secure Storage• Document Sharing/Collaboration• Intellitach

Encryption

• Encryption is the process of encoding data to ensure that unauthorized parties cannot view it.

• To accomplish encryption, a key or code provided by you is used to encrypt the data, making encryption difficult to crack.

• A few encryption options are readily available to you.

ENCRYPTION OF FILES

USB ENCRYPTION

TrueCrypt

• Software application used for real-time on-the-fly encryption

• Free, open-source software available for Windows 7/Vista/XP, Mac OS X, and Linux

• Encrypts an entire partition or storage device such as a USB Flash Device (UFD) or hard drive

• Creates a virtual encrypted disk within a file and mounts it as a real disk

TrueCrypt UFD Encryption Service

• The TSC does not provide UFDs. You will need to purchase and take a UFD with you.

• The encryption process will destroy any existing data on the UFD.

• During the encryption process, you will be prompted to enter a password for your device. TSC staff will encourage you to select a password that is 20 characters or more in length. Determining the password you intend to use before you visit the TSC is recommended.

• When complete your original UFD will contain an encrypted TrueCrypt volume and TrueCrypt Traveler Disk Software.

MCAFEE VIRUSSCANENTERPRISE 8.7I

McAfee VirusScan Enterprise

McAfee VirusScan Enterprise

McAfee VirusScan Enterprise

McAfee VirusScan Enterprise

McAfee VirusScan Enterprise

McAfee VirusScan Enterprise

McAfee VirusScan Enterprise

McAfee VirusScan Enterprise

Home Tools

• Microsoft Security Essentials– http://www.microsoft.com/Security_Essentials/

• MalwareBytes– http://www.malwarebytes.org/

• SUPERAntiSpyware– http://www.superantispyware.com/

• Secunia PSI– http://secunia.com/vulnerability_scanning/

• CCleaner– http://www.ccleaner.com/

Q &A???

Next IT Forum

Topic: Windows 7Date: November 24, 2009Time: 11:30am – 1:00pmLocation: BRN 509RSVP: ITServices@scranton.eduLunch will be provided

And the Winners are…….